Description
Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-01
Scores
CVSS v3
9.8
EPSS
0.0140
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-640
Status
published
Products (16)
schneider-electric/mcsesm043f23f0_firmware
< 8.22
schneider-electric/mcsesm053f1cs0_firmware
< 8.22
schneider-electric/mcsesm053f1cu0_firmware
< 8.22
schneider-electric/mcsesm063f2cs0_firmware
< 8.22
schneider-electric/mcsesm063f2cu0_firmware
< 8.22
schneider-electric/mcsesm083f23f0_firmware
< 8.22
schneider-electric/mcsesm083f23f0h_firmware
< 8.22
schneider-electric/mcsesm093f1cs0_firmware
< 8.22
schneider-electric/mcsesm093f1cu0_firmware
< 8.22
schneider-electric/mcsesm103f2cs0_firmware
< 8.22
... and 6 more
Published
May 26, 2021
Tracked Since
Feb 18, 2026